| ▲ | miladyincontrol 7 hours ago | |||||||
Agree strongly. An expired cert is better than no cert. Also would argue maintenance is only as complicated as you make it for yourself. Countless people keep patched, secure, https web servers running with minimal effort. If its somehow effort, introspect some on why you are somehow making so much work for yourself. | ||||||||
| ▲ | pocksuppet 4 hours ago | parent | next [-] | |||||||
That's no use when your automated registrar stops working in 3 years because it went out of business or changed protocols. Let's Encrypt has been an outlier. | ||||||||
| ▲ | superkuh 6 hours ago | parent | prev [-] | |||||||
Might be a bit of each of us touching different ends of the elephant. To be clear I am talking about long timespans. Lets Encrypt hasn't even existed for a full decade yet. During that time it's dropped support entirely for the original acme protocol. During that time it's root certs have expired at least twice (only those I remember where it caused issues in older software). And that's ignoring the churn in acme/acme2 clients and specific OS/Distro cert choice issues and browser CA issues. Saying that there's no trouble with HTTPS must be coming from experiences on short timescales (ie, a few years). HTTP/3 already doesn't allow anything but CA TLS only. It won't be too long before they no longer allow you to click through CA TLS warnings. If human people want things to be on the web for long time periods those things should be served HTTP+HTTPS. | ||||||||
| ||||||||